misp-circl-feed/feeds/circl/misp/5acc88e9-265c-4f22-9d2b-b702950d210f.json

{
"Event": {
"analysis": "2",
"date": "2018-04-09",
"extends_uuid": "",
"info": "OSINT - PUBG Ransomware Decrypts Your Files If You Play PlayerUnknown's Battlegrounds",
"publish_timestamp": "1523391236",
"published": true,
"threat_level_id": "3",
"timestamp": "1523391234",
"uuid": "5acc88e9-265c-4f22-9d2b-b702950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
},
{
"colour": "#3b7500",
"name": "circl:incident-classification=\"malware\""
},
{
"colour": "#001637",
"name": "ms-caro-malware-full:malware-type=\"Joke\""
},
{
"colour": "#850048",
"name": "workflow:todo=\"create-missing-misp-galaxy-cluster-values\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391188",
"to_ids": false,
"type": "link",
"uuid": "5acc8902-ab3c-4dfc-b0bf-32b6950d210f",
"value": "https://www.bleepingcomputer.com/news/security/pubg-ransomware-decrypts-your-files-if-you-play-playerunknowns-battlegrounds/",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391188",
"to_ids": false,
"type": "comment",
"uuid": "5acc9143-c550-4cac-9c62-40f9950d210f",
"value": "In what could only be a joke, a new ransomware has been discovered called \"PUBG Ransomware\" that will decrypt your files if you play the game called PlayerUnknown's Battlegrounds.\r\n\r\nDiscovered by MalwareHunterTeam, when the PUBG Ransomware is launched it will encrypt a user's files and folders on the user's desktop and append the .PUBG extension to them. When it has finished encrypting the files, it will display a screen giving you two methods that you can use to decrypt the encrypted files.",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523356033",
"to_ids": true,
"type": "sha256",
"uuid": "5acc9181-5c70-4a02-b2f0-4dae950d210f",
"value": "3208efe96d14f5a6a2840daecbead6b0f4d73c5a05192a1a8eef8b50bbfb4bc1"
},
{
"category": "Artifacts dropped",
"comment": "ransomnote screen",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391188",
"to_ids": false,
"type": "attachment",
"uuid": "5acc91b2-bd54-4e44-8aee-35e7950d210f",
"value": "pubg-ransomware.jpg"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1523391192",
"uuid": "2ba7f152-381c-470f-a732-792397b424d4",
"ObjectReference": [
{
"comment": "",
"object_uuid": "2ba7f152-381c-470f-a732-792397b424d4",
"referenced_uuid": "eefb6d88-9cc1-4d65-b266-b2e82a2464b9",
"relationship_type": "analysed-with",
"timestamp": "1523391191",
"uuid": "5acd1ad7-df04-4155-bc1c-464602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1523391189",
"to_ids": true,
"type": "sha1",
"uuid": "5acd1ad5-d454-4166-aa3a-498d02de0b81",
"value": "d63ff86f05b6f2fb86abf0dcd16cd2008fa3c158"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1523391189",
"to_ids": true,
"type": "sha256",
"uuid": "5acd1ad5-0c3c-4e72-8ca1-40d102de0b81",
"value": "3208efe96d14f5a6a2840daecbead6b0f4d73c5a05192a1a8eef8b50bbfb4bc1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1523391190",
"to_ids": true,
"type": "md5",
"uuid": "5acd1ad6-9458-43ed-8bda-48b202de0b81",
"value": "0997ba7292ddbac1c7e7ade6766ed53c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1523391190",
"uuid": "eefb6d88-9cc1-4d65-b266-b2e82a2464b9",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1523391190",
"to_ids": false,
"type": "link",
"uuid": "5acd1ad6-61c4-45e4-98f6-4bb802de0b81",
"value": "https://www.virustotal.com/file/3208efe96d14f5a6a2840daecbead6b0f4d73c5a05192a1a8eef8b50bbfb4bc1/analysis/1523371298/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1523391191",
"to_ids": false,
"type": "text",
"uuid": "5acd1ad7-b308-4547-96b5-41f902de0b81",
"value": "44/66"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1523391191",
"to_ids": false,
"type": "datetime",
"uuid": "5acd1ad7-c180-4b13-bb89-45ba02de0b81",
"value": "2018-04-10T14:41:38"
}
]
}
]
}
}